Bitcoin Security 101

The fiat banking system (USD, Euro, etc) is like a walled garden. Not much can happen to your money in normal every-day use and your bank is responsible for the security of your funds. If something goes wrong you can usually call someone (the bank or the credit card company) to fix the issue or even initiate a charge-back. You don’t have to worry about backups or special procedures when handling your money.

This all changes with bitcoin. The problem is that the average user is not used to this radical shift in responsibility and as a result a lot of money can be lost by simple mistakes. And there is no one you can call to have it fixed. With bitcoin it is literally: “Be your own bank”. And this also implies caring about security.

There are stories popping up every week about people losing bitcoins by technical failure, user error or stolen from online exchanges or wallets. 90% of these can be prevented by following the basic rules:

When using an online service such as an bitcoin exchange: Enable 2-Factor-Authentication (like Google authenticator) on your account!

Without 2-Factor Authentication everyone can steal all your bitcoins with just your account password. It happens a lot! How the attackers get your password is another story, but they will eventually. Check the account management area of your bitcoin exchange or service on how to set up two factor authentication. Pro Tip: When setting up you will most likely get a secret key in form of a QR code to scan with your smartphone/google authenticator app. Print this QR code out on paper and keep it in a safe place. It will help you to access your account if your Smartphone is lost or stolen.

Always have direct control of your bitcoins (private keys). If you don’t have the keys, you don’t control the bitcoins.

Bitcoins are stored in wallets. Wallets are collections of public and corresponding private keys where the public key is represented by the bitcoin address. If your bitcoins are not in a bitcoin address that you directly control, they are not under your control.

Example: You bought bitcoins on Mt. Gox, Bitstamp, Coinbase or any other exchange and you have not withdrawn them from the exchange. In that case you do not have full control over your bitcoins. If the exchange gets hacked or as it happened with some smaller exchanges where the owner claims the exchange got hacked: Your bitcoins are gone for good. The same applies for online wallets: Instawallet and Inputs.io got hacked and a lot of coins got stolen.

Solution: Withdraw your coins from exchanges and only keep coins there that you want to sell in the immediate future. Don’t use online wallets for more than pocket change (below ~$100). Same applies to wallets on smartphones. Also be sure to enable the password function to encrypt your wallet and use a strong password that you will NOT forget!

You can write down hints in safe places if you think you might forget your wallet password. Let me repeat: make sure you don’t lose the password. Just recently someone lost 90% of his bitcoins because he generated a very strong password and by technical/user error the password was not saved in the password management application. The bitcoins were lost forever! Test that everything works before setting a password. Save the password first and make sure it is there. If you use a password management application you need to do backups of these files too of course.